MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6dc77d172939ae45d7e69d4dc61038e401c1665ab7de4bf71a7ff33b7e55e1bf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6dc77d172939ae45d7e69d4dc61038e401c1665ab7de4bf71a7ff33b7e55e1bf
SHA3-384 hash: 85b0dccc3e7409451d6d61424d73b965d82668b4ebc634864a4ff9ab4b7895552b7b9d5e70232458231103daefc84c19
SHA1 hash: 5be4cbdc940f85f3fb3d5ecb5c9cb41b09d6657c
MD5 hash: 65d88dbf1de22b69c8eb9b5daf1148e8
humanhash: eight-venus-cold-table
File name:ELD 132P.7z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:416'110 bytes
First seen:2020-06-07 08:23:04 UTC
Last seen:Never
File type: 7z
MIME type:application/x-rar
ssdeep 12288:14B9RpCUmj7mbzcOCUEgvKRWfSfr32mMPxenUx:189Rdnb4gE/W6fiks
TLSH 8E9423D43A92F69837466CC2A11D16E89D22F46DD3361DA60CC3BB1C066532ED636ACF
Reporter abuse_ch
Tags:7z AgentTesla


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: gyp.gr
Sending IP: 46.227.62.27
From: SAJID HASAN <avinash.bhandari@pilgroup.com>
Subject: REQUEST FOR QUOTATION
Attachment: ELD 132P.7z (contains "ELD 132P.bat")

AgentTesla SMTP exfil server:
us2.smtp.mailhostbox.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
72
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Worm.AutoRun
Create hunting rule
Status:
Suspicious
First seen:
2020-06-07 08:25:05 UTC
AV detection:
19 of 30 (63.33%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=nxdx2fzjhgxelv7gtvg4meby4qa4czs2w7pex5y2p7ztw7sv4g7q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

7z 6dc77d172939ae45d7e69d4dc61038e401c1665ab7de4bf71a7ff33b7e55e1bf

(this sample)

AgentTesla

Executable exe 999b005ba933482d16ed50e10a24d19ebfc4252423b701b66712a256c5c5303f

  
Dropping
MD5 9df9406096ebd563727f7bca2045f243
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 999b005ba933482d16ed50e10a24d19ebfc4252423b701b66712a256c5c5303f

Comments